Security Expert Warned SolarWinds in 2019 That Anyone Could Access Their Server With Password ‘solarwinds123’
Russian hack confirmed!
A security researcher said he warned SolarWinds in 2019 that the IT company’s update server could be accessed by using the password “solarwinds123,” according to a Tuesday Reuters report.
The revelation comes days after a massive hack of the Austin-based SolarWinds was made public, an attack that has since been confirmed to have infiltrated US government agencies. According to Reuters, experts are now tracing their steps to identify any weak security points that hackers could have taken advantage of. Security expert Vinoth Kumar told Reuters that he warned the company last year about setting the password for a secure server as “solarwinds123.”
Kumar told the publication that “this could have been done by any attacker, easily.” SolarWinds did not immediately respond to Business Insider’s request for comment.
The attack specifically involved hackers plugging malware into the IT company’s Orion software, which was later distributed to about 18,000 clients.
It’s unclear which clients specifically were affected by the hack, but SolarWinds has more than 300,000 clients, many of which are Fortune 500 companies including Microsoft, AT&T, and McDonald’s, as well as government agencies.
The Trump administration acknowledged that the hackers had indeed gained access to official networks, including the US Treasury. The Department of Homeland Security and the State Department are also confirmed to have been hacked.
As Business Insider’s Aaron Holmes reported, the hackers were able to spy on the companies and federal agencies for months, free to peruse victims’ files and private communications sent by the top brass of the US government. They gained access in March, as the COVID-19 pandemic was first taking hold in the US, and were able to steal data undetected. The hack was just made public this week, and US authorities directed clients running the Orion software to disconnect from it.
Source: Business Insider
Looks more like the servers are simply honey pots designed to attract intruders and supply them with false and misleading data. Doubt that Russia or even China are interested in hacking into those servers; there is no need to, since the US has secrets that are easily uncovered by other more conventional means and methods.
Well, technically you can’t hack what can be easily accessed so DMZ is the best protection against hacking)))
possibly a trap…..but that’s just too easy to fall into it….it would be insulting for every “honest” hacker….
I am rather suspecting that it was poorly paid LGBTQ and lazy “IT” expert…..
That’s the idea, innit Mata Hillary..
Get material that is valuable off the internet, period. Hacks are supposed to be a crime, but what about thousands of people with legal access to your data? Don’t trust any of them and avoid giving them free access.
Stop being a knucklehead
“Solarwinds123” is a default factory password. It is ALWAYS changed after install and testing.
The “hack”, if real, was done at SolarWinds during development in house OR by someone that KNEW EVERYTHING ABOUT SOLARWINDS DEVELOPMENT CYCLE and inserted their code changes after quality control (QC), regression testing, moving out of sandbox to the final versions to become release candidates. That is VERY VERY difficult to do, as the version control software tracks every change.
I vote for an in house hack or worse, something that was DELIBERATELY designed INTO the software to be activated at a later time.
Remember, the servers that were confiscated were from a CIA safehouse.
I would be looking for CIA personnel infecting Solarwinds. It is for sure a team. Not a lone wolf.
Possible that SolarWinds is a CIA company
“During 2007, SolarWinds raised funding from Austin Ventures, Bain Capital, and Insight Venture Partners.”
There you go. SolarWinds was originally funded by the INTEL spooks, prior to its IPO